a, what is SNMPTRAP
SNMP trap (SNMP trap) : some entrance, arrive at the entrance to make SNMP is notify the SNMP manager tube equipment, rather than waiting for the SNMP manager again polling,
SNMP Trap is part of the SNMP, when there is a specific event monitored section, may be a performance problem, even a network device interface goes down, etc., the Agent will send station alarm events, if in the presence of a particular event, not by the Agent, notify the NMS NMS must constantly to polling Agent, this is very waste, the method of computing resources as they inform the CPU interrupt the arrival of the data, rather than allow the CPU to polling, the Trap notification is more reasonable choice, in a nutshell, the SNMP Trap is managed devices initiative to send a message to a mechanism of NMS,
CodePudding user response:
2, SNMPTRAP functional features1, event driven, the first time received equipment malfunction alarm
Based on event driven, by monitoring the host, network equipment, used in the event of a failure to send SNMP Trap NMS, received through SNMP Trap, translated and show, with the fastest speed to send alarm management, SNMP Trap is different from the SNMP initiative acquisition, SNMP collection server according to the fixed time interval, by a network management system in order to ask the way, the collected by monitoring performance indicators, thus found by monitoring performance problems may vary depends on the collected frequency interval, and SNMP Trap based on event driven, the monitored side set the Trap, once they are monitoring equipment related problems, immediately send SNMP Trap, so being able to find fault in the shortest possible time, avoid because of the economic consequences of the equipment failure,
2, provide receiving SNMP Trap, and through to the Trap information translation, show events
Support equipment, the host and the application of SNMP Trap information, from passive to active, comprehensive monitoring IT system, through the translation of SNMP Trap and show, once a IT components appear problem, can in a short time, can receive the fault information, meet the needs of enterprise quickly found the problem,
Through SNMP Trap receive a rule definition, the administrator can filter the important equipment of the Trap information, also can filter by monitoring the fault information is the important equipment, help administrators really need management information received in the first place,
3, custom SNMP Trap alarm trigger the alarm rules, to provide a variety of ways to send the alarm information
By the user custom require the information of the SNMP Trap alarm management end, for a specific SNMP Trap event via email, SMS, voice, WeChat to send alarm to the related personnel, help managers receive IT system fault information quickly,
4, export support events
Summary given time specific SNMP Trap event, at the same time, can export the event data in Excel format, easy management personnel to make statistics and analysis of fault information,
5, support various types of import of the equipment manufacturer MIB library
Although the domestic various network equipment support SNMP Trap, but each manufacturer of MIB library is not very good support public standard, therefore, a lot of monitoring system is supported by private MIB library of import, make sure you are able to fully compatible with SNMP Trap information of each manufacturer equipment,
CodePudding user response:
three, SNMPTRAP workflow1, the Agent side
A, good writing MIB files, make sure the TRAP names and other information (general MIB equipment vendors will provide)
B and ordered way: send all kinds of the TRAP command (behind the Manager address must add port number 162), the Manager depends on reaction results, no reaction on the Agent end
C, automatic trigger: configure SNMPD. Conf Settings to trigger the TRAP, some kind of error system automatically triggers the corresponding type of TRAP, sent to the Manager
Part D, mode of application: the TRAP need to write a C language program, use the corresponding API (send_easy_trap or send_v2trap) send
2, Manager
A, configure snmptrapd. Conf file, set access permissions
B, to import the MIB files to mibs folder
C, perl scripting languages such as write programs to deal with the trap
D, configuration snmptrapd. Conf file, add traphandler item, different TRAP on the corresponding to the different treatment program
3, the flow chart of
Figure in the test machine M1 snmptrapd starting up process, and on the UDP port 162 to monitor the SNMP Trap information, once received the Trap, snmptrapd receives the Trap information content to print to a local text file, sending SNMP Trap machine M2 simulation equipment, calls the net - SNMP snmptrap command line program to send a Trap,
CodePudding user response:
4, SNMPTRAP implementation process on the ZABBIX1, set the ZABBIX receiving SNMP Trap
1), the installation depends on the package
Yum install - y net - SNMP - utils net - SNMP - perl
2), download and unpack the Zabbix source package
The tar ZXVF zabbix - 2.2.1. Tar. Gz
3), copy the script from source file and add execute permission
Cp./zabbix - 2.2.1/misc/snmptrap zabbix_trap_receiver. Pl/usr/binchmod + x/usr/bin/zabbix_trap_receiver. Pl
4), set the Trap receiver and group name
Vi/etc/SNMP/snmptrapd. Conf
# you can set multiple community names:
# authCommunity execute public
# authCommunity execute S7di @ kjh8
AuthCommunity execute public
Perl do "/usr/bin/zabbix_trap_receiver. Pl"
5), the editor zabbix_server. Conf configuration file to enable SNMP Trap
Vi/etc/zabbix zabbix_server. Conf
StartSNMPTrapper=1
SNMPTrapperFile=/TMP/zabbix_traps. TMP (note: must be with zabbix_trap_receiver. Pl script set in the same)
6), restart zabbix_server services make the configuration take effect
The/etc/init. D/zabbix server restart
7), set the SNMP MIBs
MIBs default in the system directory/usr/share/SNMP MIBs, add the name to the/etc/SNMP MIB/SNMP conf configuration file (if there is no new configuration file manually), they will be Net - the SNMP process used to resolve the trap OID value,
Example: mibs + JUNIPER - MIB: JUNIPER - FABRIC - CHASSIS: BGP4 - MIB
8), restart snmptrapd service
The/etc/init. D/snmptrapd restart
2, configuration ZABBIX
1), create SNMP trap "fallback" template and the SNMP trap "fallback" monitoring item:
Monitoring item name: SNMP trap fallback
SNMP trap types:
Keys: snmptrap) fallback
Data type: the Log
Note: the monitoring items used to collect all does not match the trap
2), create a trigger to notify administrators about new does not match the trap:
The trigger NAME: Unmatched SNMP trap received from {HOST. The NAME}
Expressions: {Template SNMP trap fallback: snmptrap) fallback. Nodata (300)}=0
3), create SNMP traps "Template" Template and link to "Template SNMP trap fallback"
SNMP traps in the "Template" Template, create need for trap monitoring. The key value using snmptrap regex format,
Example:
Key: snmptrap [" SNMPv2 - MIB: : coldStart "]
Alternative OID values (digital or text), you can use any words/phrases in the text, through a trap:
Key: snmptrap [" No route to host "]
In this case, the Zabbix captures all from matching the address of the SNMP Trap contains "No route to host",
4), create a trigger for monitoring items
Created earlier template for the necessary project (Trap) create a trigger.
Example involves some variables here, in front of the monitoring items as an example to create a trigger:
Expressions:
{Template SNMP traps: snmptrap [" SNMPv2 - MIB: : coldStart "]. Nodata (5 m)}=0
Mean if after 5 minutes, the trap receive and return OK status automatically, and trigger to enter a state of warning
5), see the ZABBIX access to data
5, summary
SNMP Trap is an event-driven way of monitoring, avoid the waste of resources of the monitoring system, improve the timeliness and accuracy of the warning, many current monitoring system provide SNMP Trap monitoring mode, active monitoring is the recommended option,
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull